
New generation of spam appears

They're at it again! The spammers/phishers have ratcheted up their game — today's intray was filled with more enticing goodies:


"Thank you for your EXPRESS payment" — What payment? And who's "Express"? Opening the message, carefully, I saw that I had made an online payment of $500 and that I was invited to manage my account at www.mycardcare.com/express. I don't think so, but let's see what this is...

"www.mycardcare.com/express" actually leads to a different site that distributes a trojan virus

The actual link behind the plausible-looking one is http://opus22.org/x.html, and if you were so unfortunate as to go there without a good browser and good virus protection, you would have picked up a trojan virus. Masking the actual destination of a link by putting some plausible text in the link is nothing new. What is new is the fear-inspiring premise that the reader has made a $500 payment. The temptation to click on the link and see what that payment is all about is very strong.
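A defensive check for the link masking described above, as an added example that is not part of the original article: it parses an HTML message body and reports every link whose visible text is a web address on a different host than the real `href`. The function names and the sample body are assumptions constructed for illustration; only the first link's text and target come from the article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself a web address, e.g. "www.site.tld/path"
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

def host_of(value):
    """Lowercase hostname of a URL or of a bare 'www.site.tld/path' string."""
    value = value.strip()
    return (urlsplit(value if "://" in value else "http://" + value).hostname or "").lower()

def same_site(a, b):
    """Hosts match if equal, or one is a subdomain of the other ('www.' ignored)."""
    a, b = a.removeprefix("www."), b.removeprefix("www.")
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAudit(HTMLParser):  # collects <a> elements whose shown address and href disagree
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            m, target = URLISH.match(shown), host_of(self.href)
            if m and target and not same_site(m.group(1).lower(), target):
                self.findings.append((shown, self.href))
            self.href = None

def masked_links(html):
    """Return (visible text, real href) for every masked link in an HTML body."""
    audit = LinkAudit()
    audit.feed(html)
    return audit.findings

# Constructed message body; only the first link's text and href come from the article.
SAMPLE = """<p>Thank you for your EXPRESS payment of $500. Manage your account at
<a href="http://opus22.org/x.html">www.mycardcare.com/express</a>.
<a href="https://www.example.com/help">Help</a>
<a href="https://shop.example.com/">www.example.com</a></p>"""
if __name__ == "__main__":
    for shown, href in masked_links(SAMPLE):
        print(f"MASKED: text shows {shown!r}, link goes to {href!r}")
```

This only catches links whose text is itself an address. Links labelled with ordinary words or images need the `href` host compared against the domain of the claimed sender instead.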

Then there was Mia Blue telling me that my Target order had shipped. Again it looks like I've made an online order, arousing a strong urge to see what the hell it is.

Note how much this message looks like an order confirmation you might receive from any of the big online retailers

What's not obvious is that all the missing picture links and all the text links point not to Target but to http://www.beroemdnaakt.net/x.html. As you might guess from the spelling, beroemdnaakt.net is a site registered in the Netherlands. It's actually an established site, created in 2005 and due to expire in 2011, offering alluring females and accepting credit cards. This page, x.html, may have been hacked into the site by someone with nefarious goals in mind, namely infecting you with a virus instead of a standard STD.

Next comes something purportedly from Evite, a legitimate site which I've used and which Jim and Angela regularly use to issue invitations to their Halloween party. This one (and unfortunately I permanently deleted the message before capturing an image) thanks me for using Evite to host someone's birthday party. Again it looks very much like the messages you get from Evite. Again it gives you an opportunity to "review" your invitation, and guess what? Once again you are taken off to http://www.beroemdnaakt.net/x.html. Those girls are gonna be busy!

Last updated on Apr 13, 2018
